CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
57.4%
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges.
Vendor | Product | Version | CPE |
---|---|---|---|
marc_ingram | services | 5.x-0.9 | cpe:2.3:a:marc_ingram:services:5.x-0.9:*:*:*:*:*:*:* |
marc_ingram | services | 5.x-0.91 | cpe:2.3:a:marc_ingram:services:5.x-0.91:*:*:*:*:*:*:* |
marc_ingram | services | 5.x-1.x-dev | cpe:2.3:a:marc_ingram:services:5.x-1.x-dev:*:*:*:*:*:*:* |
marc_ingram | services | 6.x-0.9 | cpe:2.3:a:marc_ingram:services:6.x-0.9:*:*:*:*:*:*:* |
marc_ingram | services | 6.x-0.11 | cpe:2.3:a:marc_ingram:services:6.x-0.11:*:*:*:*:*:*:* |
marc_ingram | services | 6.x-0.12 | cpe:2.3:a:marc_ingram:services:6.x-0.12:*:*:*:*:*:*:* |
marc_ingram | services | 6.x-1.x-dev | cpe:2.3:a:marc_ingram:services:6.x-1.x-dev:*:*:*:*:*:*:* |
drupal | drupal | * | cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* |